Last updated: 2023-08-08 GMT+08:00

Why Can't I Use a Non-Default SSH Port to Log In to My Linux ECS?

Symptom

After changing the default SSH port, I could not use the new port to log in to my ECS.

Possible Causes

  • The access to the new port is not allowed in the security group.
  • The new port is not enabled on the firewall.
  • The new port is not added to the SSH configuration file.
  • The hosts configuration file is incorrectly configured.

Checking Security Group Rules

Check whether the security group is correctly configured.

For example, if the new SSH port number is 2020, ensure that the security group has no restriction in the outbound direction and has a rule that allows access to this port in the inbound direction.

Checking Firewall Rules

Use iptables to check whether the new SSH port (for example, port 2020) is enabled on the firewall.
  1. Log in to the Linux ECS.
  2. Take CentOS 7.3 as an example. Run the following command to edit the iptables file:

    vi /etc/sysconfig/iptables

  3. Add a rule for port 2020.

    -A INPUT -m state --state NEW -m tcp -p tcp --dport 2020 -j ACCEPT

  4. Restart iptables.

    systemctl restart iptables

Checking the SSH Configuration File

Log in to the ECS and check the SSH configuration file.
  1. Run the following command to check whether port 2020 has been configured:

    vi /etc/ssh/sshd_config

  2. If the port has not been configured, replace #Port 22 with Port 2020.
  3. Run the following command to restart SSH:

    service sshd restart

Checking the hosts Configuration File

The /etc/hosts.allow and /etc/hosts.deny files of a Linux ECS are used to permit or deny an IP address or an IP address segment, respectively, to remotely access the ECS using SSH.
  1. Add the following statement to /etc/hosts.allow to allow the IP address 192.168.1.3 to access the ECS using SSH:
    sshd: 192.168.1.3
  2. Check /etc/hosts.deny. If sshd:all:deny is contained, comment it out.

    If a rule is set in both hosts.allow and hosts.deny, the rule in hosts.allow takes precedence. For example, if "sshd: 192.168.1.3" is set in hosts.allow and "sshd:all:deny" is set in hosts.deny, the ECS allows only the SSH login from IP address 192.168.1.3.
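
The on-host checks above (SSH configuration file, iptables rules file, hosts.deny) can be scripted. The following is an added example, not part of the original page: the function names are hypothetical, and the sample files are constructed stand-ins for /etc/ssh/sshd_config, /etc/sysconfig/iptables and /etc/hosts.deny. It goes one step beyond the page by also flagging a port 2020 rule that sits after a catch-all REJECT rule and is therefore never reached.

```shell
#!/bin/sh
# Added example: function names are hypothetical; the file formats and
# port 2020 come from the page. The sample files below are constructed.

# Ports sshd will listen on: uncommented "Port" lines, or 22 if there are none.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Succeed only if an INPUT rule accepts TCP port $2 *before* any catch-all
# REJECT/DROP rule; iptables stops at the first match, so order matters.
iptables_accepts() {
    awk -v p="$2" '
        /^-A INPUT -j (REJECT|DROP)/ { exit }
        /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ && $0 ~ ("--dport " p "( |$)") { ok = 1; exit }
        END { exit !ok }' "$1"
}

# Succeed if hosts.deny (file $1) has an active rule denying sshd to everyone.
hosts_deny_blocks_sshd() {
    grep -Eiq '^[[:space:]]*(sshd|all)[[:space:]]*:[[:space:]]*all' "$1"
}

# Constructed sample files standing in for the real ones under /etc.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf '#Port 22\nPort 2020\nPermitRootLogin no\n' > "$d/sshd_config"
printf '%s\n' '*filter' \
    '-A INPUT -m state --state NEW -m tcp -p tcp --dport 2020 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
    'COMMIT' > "$d/iptables.ok"
printf '%s\n' '*filter' \
    '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
    '-A INPUT -m state --state NEW -m tcp -p tcp --dport 2020 -j ACCEPT' \
    'COMMIT' > "$d/iptables.misordered"
printf '# sshd:all:deny\n' > "$d/hosts.deny"

echo "sshd ports: $(sshd_ports "$d/sshd_config")"
iptables_accepts "$d/iptables.ok" 2020 && echo "iptables.ok: 2020 accepted"
iptables_accepts "$d/iptables.misordered" 2020 || echo "iptables.misordered: 2020 rule shadowed by REJECT"
hosts_deny_blocks_sshd "$d/hosts.deny" || echo "hosts.deny: no active sshd deny rule"
```

On a real ECS, pass the actual paths named on this page to the same functions instead of the sample files.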